2ab703b10fc8e00ec3b99d0b07995863495307da78f44793677c81bdc3f54afb

Sharing

Copy URL Twitter E-mail

General

Target

2ab703b10fc8e00ec3b99d0b07995863495307da78f44793677c81bdc3f54afb
Size

735KB
MD5

1aef02c8ffb40a5d2ad92c61a2b74778
SHA1

0472aa5ab2449d20ec84d84a204a8e9dc6c3c11d
SHA256

2ab703b10fc8e00ec3b99d0b07995863495307da78f44793677c81bdc3f54afb
SHA512

c6c9b010200eaef4c678948f3e0320ad5f5c72df2d403b3ad15c4688f6a0fe119fdb66b436ae3e4a37279686da002c059a4f1aec8fe637549dbed5f54d4895b6
SSDEEP

12288:9TCS0OnyauNXnRRiqpf4m51apToSfBWqAHc+Ma/S9WVZEBEZbZdEmHM:MIyeQf40XvtT/S4zEO7tH

Score

N/A

Malware Config

Signatures

Files

2ab703b10fc8e00ec3b99d0b07995863495307da78f44793677c81bdc3f54afb
.exe windows x86

fec07e6be957a289d37f33023ae4c850

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

IsBadCodePtr
lstrcpynA
RtlZeroMemory
GetTimeFormatW
GlobalUnlock
GetProcessWorkingSetSize
SetCurrentDirectoryA
SetUnhandledExceptionFilter
GetDiskFreeSpaceA
VirtualAlloc
GetSystemDirectoryW
SetProcessWorkingSetSize
SetFileTime
GetPrivateProfileIntW
GetFileTime
GetEnvironmentStrings
UnhandledExceptionFilter
ContinueDebugEvent
GetThreadPriority
AddAtomW
DefineDosDeviceA
GetProcessAffinityMask
WriteConsoleOutputCharacterA
PeekNamedPipe
FindNextVolumeW
TzSpecificLocalTimeToSystemTime
SetThreadPriority
GetModuleHandleA
GetTempFileNameA
TlsSetValue
GetProcAddress
WritePrivateProfileSectionA
SetInformationJobObject
GetProfileStringA
GlobalHandle
SetProcessAffinityMask
GetStartupInfoW
DeleteCriticalSection
HeapReAlloc
ProcessIdToSessionId

crypt32

CertCreateContext

msvcrt

free
_snprintf
_statusfp
rand
_mbsrchr
wcstok
_fcvt
iswpunct
_localtime64
_i64toa
_flushall
__p___initenv
fgetc
_getcwd

advapi32

AddAccessDeniedAce
LookupPrivilegeValueA
AccessCheck
RegSetValueExW
QueryServiceLockStatusA
RegisterTraceGuidsW
GetKernelObjectSecurity
ImpersonateSelf
TraceEvent
InitializeAcl
IsTokenRestricted
LsaCreateAccount
AllocateLocallyUniqueId
SystemFunction006
GetTraceEnableFlags
RegReplaceKeyW
RegQueryValueA
WmiFileHandleToInstanceNameW
CryptDuplicateHash
QueryServiceConfigW

winsta

WinStationQueryInformationW
WinStationGetAllProcesses
ServerLicensingGetPolicy
WinStationCloseServer
WinStationFreeGAPMemory
WinStationNameFromLogonIdW
ServerLicensingGetAvailablePolicyIds
WinStationEnumerateProcesses
ServerLicensingSetPolicy
WinStationFreeMemory
WinStationDisconnect
ServerLicensingOpenW
WinStationOpenServerW
WinStationEnumerateW
LogonIdFromWinStationNameW
WinStationReset

Sections

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 39KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 220KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 183KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 194KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fec07e6be957a289d37f33023ae4c850

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crypt32

msvcrt

advapi32

winsta

Sections

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.text Size: 39KB - Virtual size: 475KB

.idata Size: 220KB - Virtual size: 355KB

.idata Size: 183KB - Virtual size: 343KB

CRT Size: 194KB - Virtual size: 333KB

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 512B - Virtual size: 388B

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.text
Size: 39KB - Virtual size: 475KB

.idata
Size: 220KB - Virtual size: 355KB

.idata
Size: 183KB - Virtual size: 343KB

CRT
Size: 194KB - Virtual size: 333KB

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 512B - Virtual size: 388B